Medium Severity

IBM Security Bulletin: Cross-site scripting vulnerabilities affects IBM License Metric Tool v9.x and IBM BigFix Inventory v9.x (CVE-2019-4368)


IBM License Metric Tool and IBM BigFix Inventory are vulnerable to cross-site scripting, caused by improper neutralization of user-supplied input in some situations. The vulnerability allows users to embed arbitrary JavaScript code in some of the Web UI forms, thus altering the intended functionality and allowing spoofing attacks.

CVE(s): CVE-2019-4368

Affected product(s) and affected version(s):
IBM License Metric Tool v9.x
IBM BigFix Inventory v9.x

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10881400&myns=swgother&mynp=OCSSKLLW&mync=E&cm_sp=swgother-_-OCSSKLLW-_-E
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/118855
